The fear of changes is what makes hackers' job easy. People don't upgrade and patch, and vulnerabilities stays there waiting to be exploited. Of course changes must be planned and properly managed, but there should be not any fear of them. People should start to fear about what happens *if they don't upgrade and patch*. If maybe ten years ago the say "if it works don't change it" could have sometimes been true, today it's "if you don't patch it will be exploited". And a good backup is useful not only when upgrading...